Atty Docket No. 10742-US-PCT 
4214-24802 



Patent 



REMARKS 



The Final Office Action of May 21, 2010 has been carefully reviewed. Applicants 
respectfully request the Examiner to reconsider the rejections and allow the pending 
claims in view of the following remarks. 



I. Asserted Anticipation 

The Final Office Action of May 21, 2010 (the Office Action) rejected claims 1, 3-11, 
and 19-28 as anticipated by Gbadegesin (U.S. Patent Application Publication 
20030065676). This rejection is respectfully traversed. 

Applicants first address claim 1. For convenience, claim 1 is reproduced below: 

1. (Previously Presented) A wireless mobile communication 
device, comprising: 

at least one memory storing a first domain comprising a first 
set of assets each sharing a first level of trust, and the at least one 
memory storing a second domain comprising a second set of assets 
each sharing a second level of trust, wherein the first level of trust is 
different than the second level of trust; and 

a domain controller configured to control the first domain and 
the second domain, and further configured to control access to the 
first set of assets and the second set of assets; 

wherein the domain controller is further configured to receive 
a request to perform an operation affecting a particular asset in the 
first set of assets and to determine whether the request originated 
from a first entity that has a first trust relationship with the first 
domain; and 

wherein the domain controller is further configured to permit 
completion of the operation affecting the particular asset only if the 
request originated from the first entity, and wherein the domain 
controller is further configured to permit the first entity to perform 
operations with respect to each of the first set of assets. 

Gbadegesin does not disclose several features of claim 1. For example, 
Gbadegesin does not disclose, "at least one memory storing a first domain comprising a 
first set of assets each sharing a first level of trust, and the at least one memory storing a 
second domain comprising a second set of assets each sharing a second level of trust, 
wherein the first level of trust is different than the second level of trust." Gbadegesin also 
does not disclose, "wherein the domain controller is further configured to receive a 
request to perform an operation affecting a particular asset in the first set of assets and to 
determine whether the request originated from a first entity that has a first trust 
relationship with the first domain." Still further, Gbadegesin does not disclose, "wherein 
the domain controller is further configured to permit completion of the operation affecting 
the particular asset only if the request originated from the first entity." Applicants address 
each of these features in detail, below. 

Applicants first address the disclosures of Gbadegesin generally in order that the 
context of claim 1 may be understood in the light of Gbadegesin. Gbadegesin discloses a 
method for maintaining security in a network device in which a device might have 
concurrent connection to multiple networks. Gbadegesin, Abstract. In particular, 
Gbadegesin discloses a method for managing concurrent access to multiple resources 
when a device has access to multiple networks. Id., paragraphs 4-7. 

Gbadegesin addresses this issue by dividing resource sets of various devices into 
different virtual machines. Gbadegesin, Abstract, paragraph 8. A first access control list 
may be used to define whether a principal (an application or device) may access or 
create a resource in a resource set. Gbadegesin, paragraph 29. A second, system-wide, 
access control list may be used by a management facility to define for each principal 
whether a principal has permission to concurrently access resources in more than one 
resource set and to create new resource sets. Paragraphs 29, 32-34. Figure 3 of 
Gbadegesin is useful for a general understanding of these disclosures: 

In Gbadegesin, the computer 300 is divided into three virtual machines, 311, 312, and 
the "new VM" (no reference numeral). Gbadegesin, paragraph 31. Resource set A 340 is 
placed in virtual machine 311. Resource set B is placed in virtual machine 312, and a 
new resource set is placed in the "new VM." When the management facility 380, which 
may be an operating system, receives a requested access operation, the management 
facility compares permissions with the two access control lists described above. 
Gbadegesin, paragraphs 33 and 34. If a requested operation results in concurrent access 
to resources in virtual machine 311 and virtual machine 312, and also such access is not 
allowed as specified in the access control lists, then the management facility 380 denies 
the requested operation. Gbadegesin, paragraphs 30 and 32-34. 

However, these features are not equivalent to the features of claim 1 described 
above. Applicants first address the feature, "at least one memory storing a first domain 
comprising a first set of assets each sharing a first level of trust, and the at least one 
memory storing a second domain comprising a second set of assets each sharing a 
second level of trust, wherein the first level of trust is different than the second level of 
trust." In particular, Gbadegesin does not disclose the claimed domains, and Gbadegesin 
does not disclose that the assets in the domains share common levels of trust, as 
claimed. 

The Office Action appears to equate the virtual machines 311 and 312 in 
Gbadegesin with the claimed domains. However, these features are not equivalent. A 
virtual machine has a particular meaning in the art; a virtual machine is a software 
implementation of a computer that executes programs like a physical machine. A 
domain, in contrast, is not a virtual machine because a domain is not a software 
implementation of a computer. The meanings of these words are distinct to those of 
ordinary skill in the art. Thus, Gbadegesin does not disclose this feature of claim 1. 

Additionally, the Office Action appears to equate the resources in the sets of 
Gbadegesin as sharing a level of trust, as claimed. However, the sets of resources in 
Gbadegesin do not share a level of trust, but rather only share common properties with 
regard to whether the resources in a set should be concurrently accessed with resources 
in another set. In other words, no common trust is shared among the resources within 
a set in Gbadegesin; instead, common network properties are shared. In Gbadegesin, a 
determination whether to exclude concurrent access to certain resources is made by the 
management facility in view of the access control lists, which change depending on the 
application accessing a particular resource. Therefore, there is no common level of trust 
among resources in a set in Gbadegesin, as claimed. 

Applicants now address the fact that Gbadegesin does not disclose the claimed 
feature of, "wherein the domain controller is further configured to receive a request to 
perform an operation affecting a particular asset in the first set of assets and to determine 
whether the request originated from a first entity that has a first trust relationship with the 
first domain." Thus, claim 1 requires a determination whether the request originated from 
an entity that has the first trust relationship. Gbadegesin does not disclose this feature. 

The Office Action asserts otherwise, citing the principal, and paragraphs 8 and 44 
of Gbadegesin. The principal is an entity, such as a user or system process, that may be 
given permission to perform certain operations. Gbadegesin, paragraph 8. The principal 
is also disclosed as a logical entity that can make requests. Gbadegesin, paragraph 44. 

However, no actual determination is made that the request originated from a 
principal. The Office Action also cites paragraph 23, Figure 4 (#450) and paragraph 35. 
Figure 4, step 450, is a determination in a flowchart of whether the principal has 
permission to access the resource set in the target virtual machine. However, 
determining whether the principal has permission to access the resource set is not the 
same as determining that the request originated from a principal, or from "a first entity that 
has a first trust relationship with the first domain," as claimed. 

Paragraph 35 of Gbadegesin describes the flowchart of Figure 4. Again, as can 
be seen in Figure 4 itself, Gbadegesin never discloses determining that the request 
originated from a principal, or from "a first entity that has a first trust relationship with the 
first domain," as claimed. 

Paragraph 23 of Gbadegesin discloses that application instances are assigned to 
virtual machines and are associated with a set of resources. Applications are divided into 
two types, privileged and unprivileged, with respect to whether an application is allowed 
concurrent access. However, again, no determination is ever made that a request 
originated from a principal, or from "a first entity that has a first trust relationship with the 
first domain," as claimed. 

Therefore, Gbadegesin does not disclose, "wherein the domain controller is further 
configured to receive a request to perform an operation affecting a particular asset in the 
first set of assets and to determine whether the request originated from a first entity that 
has a first trust relationship with the first domain," as in claim 1. Accordingly, Gbadegesin 
does not anticipate claim 1. 

Still further, the principal in Gbadegesin does not have a trust relationship with any 
given virtual machine; rather, the access control lists are simply used to determine 
whether a principal has permission to concurrently use any given sets of resources. 
Thus, Gbadegesin does not disclose that a "first entity that has first trust relationship with 
the first domain," as in claim 1. 

Stated differently, if the Office Action equates the virtual machines in Gbadegesin 
to domains in claim 1, then for Gbadegesin to read on claim 1 a principal in Gbadegesin 
would have to have a trust relationship with at least one virtual machine in Gbadegesin. 
However, the principals in Gbadegesin have no trust relationships with the virtual 
machines at all. Rather, access control lists simply state rules as to how principals can 
access resources within the virtual machines. Thus, again, Gbadegesin does not 
disclose a "first entity that has first trust relationship with the first domain," as in claim 1. 
Accordingly, Gbadegesin does not anticipate claim 1. 

Applicants now show the reason that Gbadegesin does not disclose the claimed 
feature of, "wherein the domain controller is further configured to permit completion of the 
operation affecting the particular asset only if the request originated from the first entity." 
As shown above, Gbadegesin never actually discloses determining whether the request 
originated from a particular entity. Thus, Gbadegesin cannot be configured to permit 
completion of an operation only if the request originated from the first entity, as claimed. 

The Office Action refers to paragraphs 30 and 34 as disclosing this feature. 
Paragraph 30 discloses whether a principal has permission to access resources, and may 
permit or deny the principal access accordingly. However, in the cited text no 
determination is made of where the access request originated. Furthermore, the 
determination to allow or deny an "operation" is not based on whether the request 
originated from a given entity, as claimed. Thus, this portion of Gbadegesin does not 
disclose the claimed feature. 

Paragraph 34 discloses that, if the access control lists do not allow a requested 
resource access operation to take place, the management facility denies the request. If 
the denial is based on a prohibition against concurrent access, the management facility 
may move the requesting application among virtual machines or create a new instance of 
the application. The management facility follows the rules provided in the access control 
list. However, Gbadegesin does not disclose determining whether the access operation 
request originated from a particular entity, and also does not disclose taking some action 
if the request originated from the particular entity. In other words, Gbadegesin never 
discloses permitting completion of the operation only if the request originated from the 
first entity, as claimed. As shown above, Gbadegesin does not disclose several features 
of claim 1. Therefore, Gbadegesin does not anticipate claim 1. 

Independent claims 11 and 26 each contain at least some features similar to those 
described above. Thus, Gbadegesin does not anticipate the remaining independent 
claims. Gbadegesin does not anticipate the remaining dependent claims at least by 
virtue of their dependency on the independent claims. 

II. Asserted Obviousness 

The Office Action rejected claim 2 as obvious in view of Gbadegesin and Paatero 
(U.S. Patent Application Publication 2003/0163685). This rejection relies on the Office 
Action assertions regarding Gbadegesin. As shown above, Gbadegesin does not 
disclose numerous features of the independent claims. 

Additionally, Paatero does not disclose domains or their use. Applicants 
respectfully submit that the memory 16 and tamper resistant memory 16', cited by the 
Office Action, cannot reasonably be considered "domains" in the manner previously or 
currently claimed. Additionally, no "common level of trust" is present in Paatero because 
only a single key is used to access the secured data. 

Gbadegesin and Paatero, either alone or in combination, fail to disclose all the 
features of the independent claims. Accordingly, no prima facie obviousness rejection 
can be stated against claim 2 since dependent claim 2 includes all the features of 
independent claim 1. 

CONCLUSION 



The Applicants respectfully submit that the Application, in its present form, is in 
condition for allowance. If the Examiner has any questions or comments or otherwise 
feels it would be helpful in expediting the application, the Examiner is encouraged to 
telephone the undersigned at (972) 731-2288. The Applicants intend this communication 
to be a complete response to the Final Office Action mailed May 21, 2010. 

The Commissioner is hereby authorized to charge payment of any fee associated 
with any of the foregoing papers submitted herewith or any fees during the prosecution of 
the present case to Deposit Account No. 50-1515, Conley Rose, P.C. 



Respectfully submitted, 



CONLEY ROSE, P.C. 





J. Robert Brown, Jr. 
Reg. No. 45,438 



5601 Granite Parkway, Suite 750 
Plano, Texas 75024 
Telephone: (972)731-2288 
Facsimile: (972)731-2289 



ATTORNEY FOR APPLICANTS 